Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d345064 by Moritz Muehlenhoff at 2018-01-10T22:37:49+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2017-1000441
 CVE-2017-1000439
        REJECTED
 CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...)
-       TODO: check
+       NOT-FOR-US: Discuz!
 CVE-2018-5330
        RESERVED
 CVE-2018-5329
@@ -39,7 +39,7 @@ CVE-2018-5315
 CVE-2018-5314
        RESERVED
 CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: Sulu-standard
 CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in 
the file ...)
        NOT-FOR-US: rui Li finecms
 CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
@@ -86,9 +86,9 @@ CVE-2018-5301 (Magento Community Edition and Enterprise 
Edition before 2.0.10 an
 CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows 
remote ...)
        NOT-FOR-US: Innotube ITGuard-Manager
 CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the 
default ...)
-       TODO: check
+       NOT-FOR-US: AvantFAX
 CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to 
the ...)
-       TODO: check
+       NOT-FOR-US: Office Tracker
 CVE-2018-XXXX [Password protect the JSONRPC interface]
        - electrum 3.0.5-1 (bug #886683)
        [jessie] - electrum <not-affected> (Only affects >= 2.6.4)
@@ -134,7 +134,7 @@ CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress 
has XSS via the flickr_
 CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory 
traversal ...)
        NOT-FOR-US: Photos in Wifi application for iOS
 CVE-2018-5282 (Kentico 9.0 through 11.0 has a stack-based buffer overflow via 
the ...)
-       TODO: check
+       NOT-FOR-US: Kentico
 CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 
devices ...)
        NOT-FOR-US: SonicWall SonicOS
 CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 
devices ...)
@@ -297,7 +297,7 @@ CVE-2018-5213 (The Simple Download Monitor plugin before 
3.5.4 for WordPress has
 CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress 
has XSS ...)
        NOT-FOR-US: Simple Download Monitor plugin for WordPress
 CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based 
attack ...)
-       TODO: check
+       NOT-FOR-US: PHP Melody
 CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos 
chipsets, ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2018-5209
@@ -3315,9 +3315,9 @@ CVE-2017-1000418 (The WildMidi_Open function in WildMIDI 
since commit ...)
        NOTE: https://github.com/Mindwerks/wildmidi/issues/178
        NOTE: 
https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
 CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 
2.4.0 (and ...)
-       TODO: check
+       NOT-FOR-US: OP-TEE
 CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 
2.4.0 (and ...)
-       TODO: check
+       NOT-FOR-US: OP-TEE
 CVE-2018-3816
        RESERVED
 CVE-2018-3815 (The &quot;XML Interface to Messaging, Scheduling, and 
Signaling&quot; (XIMSS) ...)
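Review bot: CVE-2017-1000413 and CVE-2017-1000412 are both tagged `NOT-FOR-US: OP-TEE`, yet their descriptions call OP-TEE an open source solution, which makes it a plausible candidate for later packaging. If that happens, both tags need revisiting together. Using the fuller name from the description, for example `NOT-FOR-US: Linaro OP-TEE`, would make the pair easier to find by search.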
@@ -3873,7 +3873,7 @@ CVE-2018-3612
 CVE-2018-3611
        RESERVED
 CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before 
version 3.1.1 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in 
NetTransport ...)
        NOT-FOR-US: NetTransport Download Manager
 CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote 
...)
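Review bot: The new tag for CVE-2018-3610, `NOT-FOR-US: Intel`, names only the vendor, while the description identifies the affected product as the SEMA driver in Intel Driver and Support Assistant. The neighbouring entries in this hunk name the product, for example `NOT-FOR-US: NetTransport Download Manager`. A vendor-only tag can be misread as covering all Intel software, so suggest `NOT-FOR-US: Intel Driver and Support Assistant`.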
@@ -3921,7 +3921,7 @@ CVE-2017-17947
 CVE-2017-1000411
        RESERVED
 CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Handy Password
 CVE-2017-17945
        RESERVED
 CVE-2017-17944
@@ -4259,7 +4259,7 @@ CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel 
through 4.14.8 allows 
 CVE-2017-17842
        RESERVED
 CVE-2017-17841 (Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, 
when an ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local 
attacker ...)
        - open-iscsi 2.0.874-5 (bug #885021)
        [stretch] - open-iscsi <no-dsa> (Minor issue)
@@ -9294,7 +9294,7 @@ CVE-2017-17664 (A Remote Crash issue was discovered in 
Asterisk Open Source 13.x
 CVE-2017-17663
        RESERVED
 CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 
0.6.0 ...)
-       TODO: check
+       NOT-FOR-US: Yawcam
 CVE-2017-17661
        RESERVED
 CVE-2017-17660
@@ -15399,7 +15399,7 @@ CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, 
when a crafted JSON file is
 CVE-2017-16515
        RESERVED
 CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) 
vulnerabilities ...)
-       TODO: check
+       NOT-FOR-US: WebsiteBaker
 CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer 
overflows in ...)
        NOT-FOR-US: Ipswitch WS_FTP Professional
 CVE-2017-16512
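Review bot: In the CVE-2017-16514 change, the product name `WebsiteBaker` does not appear in the truncated description shown ("Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ..."), so the tag cannot be checked against the entry from this diff alone. Worth confirming the name against the full CVE description.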
@@ -17109,7 +17109,7 @@ CVE-2017-15943 (The configuration file import for 
applications, spyware and ...)
 CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 
7.1.x ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks 
PAN-OS ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-15940 (The web interface packet capture management component in Palo 
Alto ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
@@ -17268,7 +17268,7 @@ CVE-2017-15885 (Reflected XSS in the web administration 
portal on the Axis 2100 
 CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
        NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x 
allow ...)
-       TODO: check
+       NOT-FOR-US: Sitefinity
 CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) 
application before ...)
        NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
 CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 
4.0.0-beta.7 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d3450645d50951b64cfddccc8284e9f429bcc92
